David Reid wrote:
> Joe Orton wrote:
>
>>On Sat, Sep 10, 2005 at 02:47:17AM +0100, David Reid wrote:
>>
>>
>>>Following patch makes some changes to ssl_ext_lookup and changes it's
>>>API, hence the post for review.
>>>
>>>Add some more warnings when things don't go as advertised.
>>
>>
>>I don't think it's appropriate to log warnings (at least at
>>APLOG_WARNING level) from a function like this - only the caller knows
>>whether or not failures require user-visibile warnings or not.
>
>
> OK. I think it makes sense to log them at some level though as otherwise
> there is no indication what's wrong. When testing these caught me out
> for a while, hence my additions. Maybe INFO would be a better level to
> log at?
>
>
>>
>>>We now allow the "known" names to be used as extensions to lookup
>>>expanding the flexability of the function.
>>>
>>>Add an index to allow repeated calls to get different values to handle
>>>the case when the same extension is present multiple times (there is no
>>>restriction how often they can appear I'm aware of).
>>
>>
>>Use of the index seems fine though this is starting to overlap in
>>functionality with the ssl_extlist_by_oid function?
>
>
> Hmm, maybe. Maybe ssl_extlist could just call ssl_ext_lookup?
Like this possibly...
Index: modules/ssl/ssl_expr_eval.c
===================================================================
--- modules/ssl/ssl_expr_eval.c (revision 279892)
+++ modules/ssl/ssl_expr_eval.c (working copy)
@@ -200,55 +200,24 @@
#define NUM_OID_ELTS 8 /* start with 8 oid slots, resize when needed */
-apr_array_header_t *ssl_extlist_by_oid(request_rec *r, const char *oidstr)
+apr_array_header_t *ssl_extlist_by_oid(request_rec *r, const char *extname)
{
- int count = 0, j;
- X509 *xs = NULL;
- ASN1_OBJECT *oid;
+ int count = 0, j, n = 0, len = 0;
apr_array_header_t *val_array;
- SSLConnRec *sslconn = myConnConfig(r->connection);
+ const char *val = NULL;
/* trivia */
- if (oidstr == NULL || sslconn == NULL || sslconn->ssl == NULL)
+ if (extname == NULL)
return NULL;
- /* Determine the oid we are looking for */
- if ((oid = OBJ_txt2obj(oidstr, 1)) == NULL) {
- ERR_clear_error();
- return NULL;
- }
-
- /* are there any extensions in the cert? */
- if ((xs = SSL_get_peer_certificate(sslconn->ssl)) == NULL ||
- (count = X509_get_ext_count(xs)) == 0) {
- return NULL;
- }
-
val_array = apr_array_make(r->pool, NUM_OID_ELTS, sizeof(char *));
- /* Loop over all extensions, extract the desired oids */
- for (j = 0; j < count; j++) {
- X509_EXTENSION *ext = X509_get_ext(xs, j);
-
- if (OBJ_cmp(ext->object, oid) == 0) {
- BIO *bio = BIO_new(BIO_s_mem());
-
- if (X509V3_EXT_print(bio, ext, 0, 0) == 1) {
- BUF_MEM *buf;
- char **new = apr_array_push(val_array);
-
- BIO_get_mem_ptr(bio, &buf);
-
- *new = apr_pstrdup(r->pool, buf->data);
- }
-
- BIO_vfree(bio);
- }
+ while ((val = ssl_ext_lookup(r->pool, r->connection, 1, extname,
+ n++, &len))) {
+ char **newentry =apr_array_push(val_array);
+ *newentry = (char *)val;
}
- X509_free(xs);
- ERR_clear_error();
-
if (val_array->nelts == 0)
return NULL;
else
david
